Gdpr

[Ragonz]

In light of the impending deadline of GDPR is WHMCS going to implement a system when users can request to be forgotten? if not its not too much of an issue as a support ticket would suffice I presume but it would be nice to have an automated system, will there be a system for checking age and if under 16 a way to prove that parental consent has been given to hold data on the client?

 

Basically will WHMCS be GDPR complient?

[brian!]

you mean the "impending deadline" that is May 2018 - still over 10 months away?

that's a lifetime in WHMCS development terms - v8 will likely be out by then.

 

it's entirely possible that with the deadline being so long away that...

 

a) WHMCS might not even be aware of it,

b) might not have any current plans,

c) and past experience shows even if they are and have, this won't likely be added until very close to the deadline...

 

i'll look forward to hearing what their plans are for this.

[Ragonz]

10 months may sound like a long time but to some companies if we need to go through all of our clients and basically ask them all if they are ok with us holding their data that is a massive task. This GDPR thing was put into place 27th April 2016 and is enforceable from 25th May 2018 so already more than a year has gone.

 

Thought it was prudent to bring it up now and put it on their radar than someone finding out a month beforehand and panic ensuing.

[brian!]

Thought it was prudent to bring it up now and put it on their radar than someone finding out a month beforehand and panic ensuing.

no it's good to bring it up now.

 

... but previous similar situations with WHMCS have shown that solutions get left until the last minute... and I can think of one situation where it went beyond the deadline - and caused some of us a whole lot of hassle in the process.

 

the redeeming feature about this problem is that it will apply to most (probably nearly all) WHMCS customers - whether they're in Europe or not... so WHMCS will have to address it's implication to their users at some point.

[brian!]

just to bump this with a link to the OpenSRS blog on GDPR, which I think others may find useful/interesting to read (even if you don't use OpenSRS as a registrar)...

Nominet have also announced this month that they're starting to work on GDPR compatibility...

Quote

With GDPR coming into force in May, we have looked at the impact of this on .UK.  We will be consulting next month on some changes that we consider are necessary, prudent, and in keeping with the ‘privacy by design’ ethos of the legislation. There'll be opportunities for members of course to contribute to those consultations, and to discuss these matters at forthcoming lunches, events or via our programme of webinars. We will be contributing our thoughts to ICANN’s recent call for ideas in a bid to encourage a consistent approach on GDPR across the industry.

I would imagine that v7.5 is going to be the first version to be GDPR compatible, but that might get delayed until WHMCS know what changes the registrars are going to make to their APIs etc - though it would be good for WHMCS to even acknowledge publicly that they are looking at this.

[WHMCS Alex]

Hello @brian!

Thank you for adding this information!

Quote

though it would be good for WHMCS to even acknowledge publicly that they are looking at this

I can confirm that investigations have begun into this.

Our development team have requested that users itemise specifically what it is they are wanting to see added to meet the requirements, as they understand them, to the following feature request - https://requests.whmcs.com/topic/gdpr-complance-legally-required-by-2018

[brian!]

5 hours ago, WHMCS Alex said:

I can confirm that investigations have begun into this.

good to know.

[lkitching]

It's good to hear that movements are being made towards GDPR by WHMCS. 

Am also following the feature request. Does WHMCS have any more public information on this yet with regards to a release date etc? Do you expect this to be in place in time?

[Ragonz]

Excellent that WHMCS are looking into this (albeit 6 months after I mentioned it) is there any sort of ETA on when it will be out as we would want to test functionality before the deadline.

[WHMCS Alex]

Hello @Ragonz

Quote

Excellent that WHMCS are looking into this (albeit 6 months after I mentioned it) is there any sort of ETA on when it will be out as we would want to test functionality before the deadline.

Our development team updated the status of the feature request (that I linked above) 6 months ago to confirm they had begun some initial research and investigation into what changes may be required for GDPR compliance.

Our development team will update that thread as more information becomes available. A month ago they updated the thread asking all users to itemise specifically what it is they are wanting to see added to meet the requirements as you understand them. I would therefore advise adding any information you feel is relevant to that feature request.

[WHMCS ChrisD]

Hi Everyone,

Just a quick update here, the Feature Request has been updated with the following:

Quote

We can confirm our team have been working on a number of changes to the product designed to help our customers with meeting their GDPR compliance requirements. These changes will be part of the upcoming 7.5 release which we anticipate will be released in March, well before the May 25th deadline. In the coming weeks, we will be publishing several blog posts relating to GDPR and what we're doing to help our customers be prepared for it, so please keep an eye on our blog for further information.

 

 

[brian!]

https://blog.whmcs.com/133405/gdpr-what-you-need-to-know

Quote

The General Data Protection Regulation (GDPR for short) is Europe's big new data privacy law. It comes into effect on 25th May 2018 and is the most significant piece of European data protection legislation to be introduced in over 20 years.

What is GDPR?

GDPR sets out new rules for how all European residents' data must be handled and replaces the 1995 EU Data Protection Directive.

GDPR strengthens the rights that individuals have regarding personal data relating to them and seeks to unify data protection laws across Europe, regardless of where that data is processed.

A regulation such as the GDPR is a binding act, which must be followed in its entirety throughout the EU.

Who does GDPR apply to?

GDPR compliance isn't just for European companies.

GDPR applies to businesses of all sizes, regardless of whether you have 1 or 10,000 employees, and regardless of where you or your company is based.

If you offer products and services to customers located within Europe, then GDPR will apply to you.

What is WHMCS doing for GDPR?

You can count on the fact that we here at WHMCS are committed to providing a product that enables you to comply with the GDPR requirements for your business.

We've been hard at work preparing for GDPR for some time. In consultation with our legal advisors, we are already working on a number of changes to the product that are designed to help you with meeting your GDPR compliance requirements. These changes will be part of the upcoming Version 7.5 release.

What should you be doing?

If you haven't already done so, you should start your compliance efforts now.

While WHMCS enables you to collect and store information, it's important to note that you as the site owner are the data controller. If your site can collect data from EU citizens, including those in the UK, then we recommend that you review your data privacy and security practices and begin researching your responsibilities.

Every business is different and that may affect what you need to do to comply with GDPR.. We encourage you to work with legal and other professional counsel to determine precisely how the GDPR might apply to you and your business.

Where can I find out more?

Below are some links to more information:

• UK's Information Commissioner's Office Guide to GDPR
• Data Protection Commissioner
• European Commission GDPR Portal

 

[WHMCS Marcus]

Some additional information regarding the GDPR features introduced in version 7.5 can be found here: https://requests.whmcs.com/topic/expand-and-align-filters-for-mass-mail-and-product-mails-for-gdpr

[J-B]

Hi, 
I tried to describe my request here 

The German lawyers advise to obtain an explicit consent to any forms, like a contact form or register form.

It seems to be enough to get a required checkbox for the consent. Like this ...

If the customer/user dont click the checkbox, the customer/user get an error that If they want to send a mail he must to accept the checkbox.

This must be the same to the register.php. Here must only add a new checkbox like the TOS.

 

Edited March 13, 2018 by J-B